aboutsummaryrefslogtreecommitdiff
path: root/roles/gitea/Readme.md
blob: dbc555d5193bc2e3c15e2e10cf51e03dcd4be33a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# kompetenzbolzen.stuff.gitea

normal gitea `app.ini` config parameters can be passed under `config.`

Available vars: `jwt_sec.content`, `int_tok.content`, `sec_key.content`.
These vars are base64 encoded and can be decoded with the `b64decode` filter.
This only matters for the `JWT_SECRET`.


```yaml
---
gitea:
  ldap:
    enable: true
    security: 'starttls'
    host: ''
    port: 389
    bind_dn: ''
    bind_pw: ''
    user_search_base: ''
    user_filter: ''
    admin_filter: ''
    username_attribute: 'uid'
    firstname_attribute: 'givenName'
    surname_attribute: 'sn'
    email_attribute: 'mail'
  version:
    ver: '1.21.1'
  config:
    APP_NAME: "Gitea: Git with a cup of tea"
    RUN_USER: git
    RUN_MODE: prod
    repository:
      ROOT: /home/git/gitea-repositories
    server:
      APP_DATA_PATH: /var/lib/gitea/data
      PROTOCOL: https
      DOMAIN: '{{ ansible_facts.fqdn }}'
      STATIC_URL_PREFIX:
      HTTP_ADDR: 0.0.0.0
      HTTP_PORT: 8443
      LOCAL_ROOT_URL: "%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/"
      DISABLE_SSH: false
      SSH_DOMAIN: "%(DOMAIN)s"
      SSH_PORT: 22
      SSH_CREATE_AUTHORIZED_KEYS_FILE: true
      SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE: true
      CERT_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
      KEY_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
      LANDING_PAGE: login
    database:
      DB_TYPE: mysql
      HOST: db.example.com:3306
      NAME: db
      USER: dbuser
      PASSWD: "`dbpass`"
      SSL_MODE: true
      CHARSET: utf8mb4
    security:
      INSTALL_LOCK: true
      SECRET_KEY: '{{ sec_key.content }}'
      INTERNAL_TOKEN: '{{ int_tok.content }}'
      DISABLE_GIT_HOOKS: true
    service:
      DISABLE_REGISTRATION: true
      REQUIRE_SIGNIN_VIEW: true
      ENABLE_NOTIFY_MAIL: false
    webhook:
      ALLOWED_HOST_LIST: ''
    oauth2:
      ENABLE: false
      JWT_SECRET: '{{ jwt_sec.content }}'
```